CVE-2022-2592
In short
GitLab does not limit the length of a snippet's description field, so any authenticated user can create a snippet whose description is so large that each request for it (authenticated or not) places heavy load on the server, potentially making the instance unavailable to other users.
Technical detail
A lack of input length validation on the Snippet description field in GitLab CE/EE allows an authenticated attacker to store an excessively large description. The cost is paid on every request for that snippet, whether or not the requester is authenticated, so once the snippet exists anyone who can reach it can trigger the resource consumption and cause a Denial of Service. The vulnerability affects all versions prior to 15.1.6, 15.2 prior to 15.2.4, and 15.3 prior to 15.3.2.
Summary generated and translated by AI from the official description.
A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potentially leading to Denial of Service.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
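To check whether an instance falls inside the affected ranges above, and to find snippets that already carry an oversized description, the following Python is an added example and not GitLab's own code. It assumes the shape of the GitLab REST API snippet listing (objects with `id` and `description` fields under `/api/v4/snippets`), and the 10,000-character limit is a local policy value for triage, not the threshold GitLab enforces in the fixed releases. The sample API response is constructed inline so the check runs offline.

```python
"""CVE-2022-2592 triage helpers (added example, not GitLab project code).

Two checks:
  1. is_affected(): classify a GitLab version string against the advisory ranges
     (all < 15.1.6, 15.2.x < 15.2.4, 15.3.x < 15.3.2).
  2. oversized_snippets(): scan snippet metadata for descriptions over a local limit,
     to locate snippets that an attacker may already have planted.
"""
import json
import re
import urllib.request
from typing import Iterable, List, Tuple

# Patch level at which each affected minor line was fixed, from the advisory text.
FIXED_PATCH = {
    (15, 1): (15, 1, 6),
    (15, 2): (15, 2, 4),
    (15, 3): (15, 3, 2),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH'; suffixes such as '-ee' or '-rc1' are ignored."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"not a GitLab version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(text: str) -> bool:
    """True if the version is inside an affected range for CVE-2022-2592."""
    v = parse_version(text)
    if v < (15, 1, 0):
        return True  # "all versions prior to 15.1.6" covers every earlier line
    fixed = FIXED_PATCH.get(v[:2])
    if fixed is None:
        return False  # 15.4 and later were released after the fix
    return v < fixed


def oversized_snippets(snippets: Iterable[dict], limit: int = 10_000) -> List[Tuple[int, int]]:
    """Return (snippet_id, description_length) for every snippet whose description
    exceeds `limit` characters. `limit` is a local triage threshold (assumption)."""
    hits = []
    for s in snippets:
        desc = s.get("description") or ""  # description may be null in the API
        if len(desc) > limit:
            hits.append((s["id"], len(desc)))
    return hits


def fetch_snippets(base_url: str, token: str, per_page: int = 100) -> List[dict]:
    """Fetch one page of the caller's snippets via GET /api/v4/snippets.
    Assumes a PRIVATE-TOKEN header and the standard per_page parameter."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4/snippets?per_page={per_page}",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


# Constructed sample shaped like a /api/v4/snippets response (not real data).
SAMPLE_API_RESPONSE = json.dumps([
    {"id": 1, "title": "readme", "description": "short note"},
    {"id": 2, "title": "payload", "description": "A" * 50_000},
    {"id": 3, "title": "empty", "description": None},
])


def scan_sample() -> List[Tuple[int, int]]:
    """Run the description scan over the constructed sample."""
    return oversized_snippets(json.loads(SAMPLE_API_RESPONSE))


if __name__ == "__main__":
    for ver in ("14.10.0", "15.1.5", "15.1.6", "15.2.3", "15.3.2", "15.4.0"):
        print(ver, "affected" if is_affected(ver) else "fixed")
    print("oversized snippets in sample:", scan_sample())
```

Run `fetch_snippets()` with a token for an account that can list the snippets you care about (project or public snippets need the corresponding endpoints) and pass the result to `oversized_snippets()`; the version check is the quicker answer, since an instance on a fixed release rejects the oversized description at creation time.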
Affected products
GitLab · GitLab